# This controller handles the login/logout function of the site.  
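class SessionsController < ApplicationController

  # Renders the login form.
  #
  # HTML requests get new.html.erb, XML requests get an empty 200 response,
  # and iPhone requests get new.iphone.erb rendered without a layout.
  def new
    @page_title = "Spendy! Login"
    respond_to do |format|
      format.html # new.html.erb
      format.xml  { head :ok }
      format.iphone do # new.iphone.erb
        @panel_title = @page_title
        render :layout => false
      end
    end
  end

  # Authenticates the submitted credentials and logs the user in.
  #
  # Reads params[:username], params[:password] and params[:remember_me].
  # On success it optionally issues the remember-me cookie and redirects to
  # welcome#home; on failure it redirects back to the login form with a
  # warning flash.
  def create
    user = User.authenticate(params[:username], params[:password])
    # Session fixation defence: discard the pre-login session once the
    # credentials check out, so a session identifier planted before login is
    # not carried into the authenticated session. Anything else stored in the
    # anonymous session is dropped as well.
    # current_user= is defined outside this file and presumably writes to the
    # session, so the reset has to happen before the assignment.
    reset_session if user
    self.current_user = user
    if logged_in?
      if params[:remember_me] == "1"
        self.current_user.remember_me
        # NOTE(review): this cookie is set without HttpOnly or Secure
        # attributes, so the long-lived token is readable by page scripts and
        # may be sent over plain HTTP. Enable both with the option names this
        # Rails version supports (the version is not visible from this file).
        cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at }
      end
      flash[:notice] = "You have been logged in."
      redirect_to :controller => "welcome", :action => "home"
    else
      # The message does not reveal whether the username or the password was
      # wrong; keep it that way to avoid account enumeration.
      flash[:warning] = "The username and password combination you supplied do not match our records."
      redirect_to :action => "new"
    end
  end

  # Logs the user out: clears the remember-me state, deletes the auth_token
  # cookie, resets the session and redirects to the welcome controller.
  def destroy
    # forget_me is defined on the user model (not shown here); presumably it
    # invalidates the stored remember token - confirm, since deleting the
    # cookie alone does not revoke a token that was already copied.
    self.current_user.forget_me if logged_in?
    cookies.delete :auth_token
    # Reset before writing the flash so the notice lands in the new session.
    reset_session
    flash[:notice] = "You have been logged out."
    redirect_to :controller => "welcome"
  end

end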
